A. Technical Field
The present invention relates to security devices for integrated circuits (ICs), and more particularly, to devices to protect ICs from backside security attacks.
B. Background of the Invention
With the advent of modern wafer processing technology, IC manufactures have developed various approaches to increase the security threshold of ICs. For example, all embedded memories are encrypted on modern security ICs. Also, design rules applied to modern implementations ensure that security related signals are routed to the lower metal layers of ICs, making the invasive frontside analysis significantly more difficult to perform. In another example, meshes are implemented to protect against the frontside attack, which are redundant layers of metallization on top of the IC itself. Typically, meshes are deposited over multiple layers of metallization to enhance the likelihood of detecting a fault. If the IC is compromised by an attacker and a fault is detected, the IC can subsequently execute a mitigation routine that destroys secret data stored in the IC.
However, conventional approaches lack sufficient protection against the backside attacks on the IC. FIG. 1 shows a cross section diagram of a conventional die 100, where several portions of the substrate 104 are removed to form trenches for backside security attacks. The die 100 includes the substrate 104 and a layer 110, where the line 118 represents the original top surface of the substrate before the layer 110 is deposited on the substrate. Several components may be deposited in the layer 110. For example, the meshes 116 may be implemented on the frontside of the die 100 to prevent the frontside attack. In another example, a transistor 120a may include a pair of drain and source diffused into the substrate 104 and a gate 122 deposited above the line 116, where these components are disposed in an active device region 106. Individual transistors may be connected to each other by metal interconnects, situated above the transistor level. For the purpose of illustration, only seven metallization layers on top of the gate layer are shown in FIG. 1. The transistors are separated from each other using various isolation techniques, such as Shallow Trench Isolation (STI).
For backside security attacks, the lower portion 105b of the substrate 104 may be milled or polished, where the typical thickness of the lower portion is about 300 μm. Then, depending on the types of attacks, the remaining upper portion 105a of the substrate 104, which has a typical depth of about 15 μm, may be removed at different depths, forming trenches. Smaller area of interest, where there is critical information, is further milled down to a small thickness so that the data flow can be measured by suitable techniques, such as laser scanning or other visual techniques. For instance, the attacker may use Focused Ion Beam (FIB) technique that is an invasive technique for editing circuits. FIB technique is commonly used to permanently modify a portion of the layer 110 and/or selectively remove passivation with a high degree of accuracy. FIB technique can connect nodes in the layer 110 as well as sever the connection between connected nodes, to thereby extract the secured information from the die 100. To apply the FIB technique, the attacker may make a trench 124a on the upper portion 105 of the substrate 104 so that the ion beam illuminated from the backside of the die 100 may reach the components in the layer 110.
Some of the transistors in the die 100 may be separated by the Shallow Trench Isolation (STI) process from each other. In general, during the STI process, N− wells, drains and sources are diffused in the upper portion 105a of the substrate. To get access to the target transistor 120b separated by the STI process, the attackers may remove a portion of the 105a to form a trench 124b below the transistor 120b. Then, the attacker may modify the fuse bit of the transistor 120b so that the copy protection mechanisms of the die 100 can be circumvented to thereby extract the secret information stored in the die.
To edit the circuit in the die 100, the attacker may make a trench 124c up to a target transistor 120c and remove a bottom portion of the target transistor. The attacker may manipulate the transistor 120c to change decisions, to thereby control/access to signals in the die 100 and extract secret information stored in the die.
For the purpose of illustration, only three types of backside security attacks are shown in FIG. 1. However, the attacker may make trenches of different shapes and depths, depending on the types of backside security attacks. Currently, the conventional dies lack a suitable protection mechanism and are vulnerable to the backside security attacks. Therefore, a better solution is needed to provide a mechanism to protect the dies from the backside security attacks.